

INTRODUCTION
Sasfin's risk management approach provides effective mechanisms to address the identification, measurement and evaluation of actual and potential risk areas. This, combined with a balanced approach to risk, and keeping in mind our optimum levels of risk appetite, ensures that we retain our entrepreneurial drive and remain able to achieve our core strategic, operational, financial and compliance objectives.
Risks can be described as the possibility that unforeseen future events could occur which could impact on the ability of the Group to achieve its desired objectives.
Failure to manage substantive risk effectively and in a timely manner can have severe consequences for the business. Effective risk management therefore remains a key focus of management processes within Sasfin. Our risk management framework addresses such risks as credit, funding, liquidity and interest rate risks, and market, business and operational risks, which include pricing, market penetration, service levels, the security of our staff, HR risks, assets and information, business disruption, legal documentation or contractual risk, technology risk, settlement, payment and processing risk, reputational risk, fraud risk and compliance with regulatory and statutory requirements.
PHILOSOPHY
The business of banking and financial services is conducted within an environment of complex interrelated risks. This has become even more applicable with the advent of the new regulations relating to banks, as amended for the Basel II Capital Accord, which has ushered in a more risk-sensitive approach to banking than any of its predecessors.
At Sasfin, risk management is regarded as being one of our competitive advantages.
Our risk management programme supports the view that the management of risk is the responsibility of all, and Sasfin proactively identifies risk in delivering products and services to the market in an efficient and cost-effective manner. The programme also supports the analysis of problems from various angles, not only to identify risk mitigation but also to anticipate and act on potential opportunities, thereby challenging conventional wisdom and creating better solutions.
STRUCTURE
Risk is managed and monitored in accordance with the risk management framework of the board of directors, board committees, executive and operational management, compliance officers and the risk management functions of the operational units.
The risk management framework is designed to ensure:
- the detection and minimisation of significant risks;
- the reliability of financial information;
- the reliability and integrity of operational processes; and
- compliance with statutory and regulatory requirements.
Sasfin employs three lines of defence. The first line of defence comprises the internal controls that management has implemented in the business. The second and third lines of defence are the Group Risk and Group Internal Audit Departments, respectively.
Sasfin has also applied an integrated approach to risk management. Group Internal Audit is able to utilise the risk assessment performed by Group Risk in order to risk-rate its audits. In doing so, the Internal Audit function provides the board and management with an independent assessment of the effectiveness of the risk management processes within the Group.
The risk management responsibilities are carried by the following key committees:
- Boards of directors
- Group executive
- Directors' Affairs (Corporate Governance)
- Directors' Strategy and Review
- Asset and Liability
- Risk and Capital Management
- Credit Review
- Group and subsidiaries' Audit and Compliance
- Information Technology Steering
- Human Resources and Remuneration
- Group Strategy
ENTERPRISE RISK MANAGEMENT (ERM)
ERM is a process implemented by an entity's board of directors, management and other personnel and is applied in strategy setting across the enterprise. It is designed to identify potential events that may affect the entity and to manage risks so that they remain within its risk appetite, in order to provide reasonable assurance regarding the achievement of entity objectives.
Sasfin's ERM, which has been rolled out across the organisation, supports the Basel II Capital Accord imperatives relative to the determination and alignment of strategic objectives, capital requirements and risk management. The requirements of Basel II have also been incorporated into the Regulations to the Banks Act 94 of 1990. Sasfin also subscribes to the COSO Enterprise Risk Management Framework, which is then integrated with the requirements of the Basel II Capital Accord and the Regulations to the Banks Act.
Capital requirements are calculated using a risk-sensitive approach. The management of capital and capital adequacy is detailed in note 37 to the Financial Statements.
Sasfin's approach to the management of key risk areas is as follows:
CREDIT RISK
Represents the risk of loss incurred directly by providing credit or indirectly by assuming a financial obligation or by becoming exposed to counterparty failure.
Credit risk exists in both on- and off-balance sheet exposures and may arise from the non-performance by a borrower, counterparty or an issuer such as a securities firm.
Credit risk management processes are governed by the Group's credit policy guidelines. These guidelines are reviewed regularly and any amendments thereto are subject to the evaluation and approval of the Credit Review committee. Facilities granted to counterparties are governed by internal and prudential limits, which restrict large exposures relative to the Group's capital.
Credit facilities are approved within the credit mandate structure.
Large facilities are ratified by the Credit Review committee, with facilities above R18 million requiring approval by the Group board of directors.
Counterparty creditworthiness is evaluated in terms of policy guidelines and limits are set before credit is granted.
Risk mitigation includes:
| Type of finance | Risk mitigation |
| --- | --- |
| Trade Finance | Various types of collateral are obtained to secure the exposure but the primary security is usually Notarial Bonds over movables, and ownership over goods financed. |
| Debtor Finance | Various types of collateral are obtained to secure the exposure but the primary security is usually the receivables purchased. |
| Equipment Finance | The primary security is the asset being financed. |
The impairment policy of the Group is conservative and satisfies regulatory requirements.
LIQUIDITY RISK
The risk arising from the potential inability of the Group to accommodate decreases in liabilities or to fund increases in assets in full, at the right time, place and currency.
This area of risk is closely monitored by the Asset and Liability committee and is managed according to the policies of the committee and in accordance with the following process:
- maintenance of balance sheet liquidity ratios;
- assessment of depositor concentration in terms of the overall funding mix;
- ensuring an adequate portfolio of marketable assets and short-term investments; and
- liquidity contingency plans relevant to changing needs.
INTEREST RATE RISK
Represents the risk that fluctuating interest rates could unfavourably affect the Group's earnings and the value of its assets, liabilities and/or capital.
This area of risk is closely monitored by the Asset and Liability committee, which approves the policies and limits for the management of interest rate risk and monitors these exposures and the effectiveness of the risk management processes.
Group Treasury's responsibility is to establish and maintain an interest rate risk management framework and to recommend appropriate risk limits.
MARKET RISK
Represents the risk of loss due to adverse movements in the market, for example, where interest rates rise because of changes in such factors as exchange rates, inflation and market liquidity. Sasfin does not enter into proprietary trading.
Approach:
- The board of directors grants general authority to undertake market risk. Limits are set for individual business units to contain losses within specified limits in the event of adverse market movements.
- Prospective investments require formal authorisation and have to undergo deal sanctioning. Market risk from investments is managed in accordance with its purpose and strategic benefit. Periodic reviews and reassessments are undertaken.
- Limited foreign exchange risk arises due to the low value of such transactions. It is Group policy not to have any material uncovered foreign exchange transactions.
OPERATIONAL RISK
Represents the risk of loss resulting from inadequate or failed internal processes, people and systems and/or from external events. Operational risk incorporates legal risk and excludes strategic risk.
Operational risk includes, amongst others, the potential for loss arising from flaws or malfunctioning in automated systems, business continuity planning, failures in internal financial and administrative controls and non-compliance with Group policies and procedures.
Control mechanisms have been established within the different divisions to manage operational risk. Divisional management apply their specialised knowledge of the markets in which they operate to fine-tune their risk control procedures and systems of internal control. Losses arising from operational risk are tracked on a regular basis.

